python,哈希函数选择
使用 Python 和 Django,我将让我的用户向他们的朋友赠送基于 pdf 的礼物,该朋友将能够通过从电子邮件链接进入我的网站来索取 pdf 礼物。
这是计划
用户向他的朋友赠送礼物,输入朋友的电子邮件
在后台,保存一个礼物模型,其中将包含一个唯一的在保存时生成的哈希代码。
朋友收到电子邮件,提供了下载 pdf 的链接,该链接类似于 (
www.mydomain.com/gift/<此处的哈希代码>
)单击邮寄的链接时,系统会检查此类礼物是否具有给定哈希代码的模型存在。
如果是这样,下载开始,否则 404。
这是解决这个问题的聪明方法吗?如果是这样,您会推荐什么哈希函数?有趣的是,/gift/ 是向公众开放的,如果有幸找到一个链接,任何人都可以领取它。我计划通过接收者的名字加上礼物模型的 pk 来提供哈希函数
Using Python and Django, I will let my users to give pdf based gifts to their friends, which the said friend will be able to claim pdf by entering to my site from the emailed link.
Here is the plan
User gives a gives to his friend, enters friends email
In the background, a gift model is saved which will contain a uniquely generated hash code at the save.
Friend receives the email, provided the link to download the pdf which will be like (
www.mydomain.com/gift/<hash code here>
)When the mailed link is clicked, system checks if such gift model with the given hash code exists.
If so download starts, else 404.
Is this a clever way of solving this? If so what hashing function would you recommend ? It is interesting as the /gift/ is open to the public, if somehow lucky enough to find a link, anyone can claim it. I am planning to feed the hash function by receivers first-last name plus the pk of the gift model
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
不需要使用哈希,您只需要一个随机令牌。
使字符串足够长,让您满意,很难猜出
生成随机字符串的简单方法是
There is no need to use a hash, you just need a random token.
Make the string of characters long enough that you are happy it will be hard to guess
an easy way to generate a random string is
UUID 非常随机
UUIDs are pretty random
它可能不会完全按照您希望的方式做事,但这个项目将是一个很好的起点:
http://github.com/mogga/django-token-auth/
It may not do things exactly the way you wish, but this project would be a good starting point:
http://github.com/mogga/django-token-auth/